Posted by A. W. on Feb 14

[+] HumHub .htaccess file upload vulnerability and remote code execution
[+] Discovered by: Jos Wetzels
[+] Vendor: HumHub
[+] Product: HumHub
[+] Versions affected: 0.10.0 and earlier.
[+] Advisory URL: https://www.leakfree.nl/advisories/leakfree_2015_003.html

HumHub [1] versions 0.10.0 and prior suffer from a file upload
sanitation vulnerability which allows an attacker to upload arbitrary
.htaccess files with varying consequences [2]. On…